IGCSE Computer Science Chapter 9 - Security

The document discusses computer security and how it protects data from unauthorized access and accidental loss or corruption. It covers topics like backups, verification, malware, phishing, denial of service attacks, and methods of protection like physical security and authentication.

Computer Science

Chapter 9 - Security

9.01 Introduction
Computer systems are used to store and process data in many ways:

● companies: data about their customers’ accounts
● doctors: data about their patients
● research scientists: keep data from experiments
● students: keep data in the form of notes
● police: keep data about their investigations and suspects

❖ data has value
❖ the more accurate and complete the data, the more valuable it is
❖ if data is lost, corrupted, or accidentally changed, it loses value
❖ it is possible for data to be accidentally or intentionally changed or deleted
❖ computer security helps to keep the data safe from loss, deletion, change and
corruption
❖ computer security: protection of computers from unauthorized access and the
protection of data from loss, maintaining the value of the data

9.02 Security and Prevention Against Accidental Data Loss or Change
Data can be lost, deleted, changed, or corrupted in a variety of ways:

● human error: accidental deletion or overwriting of files (when new data is
written over an existing one in the same physical space, causing the
original data to be inaccessible)
● theft: having a laptop or smartphone stolen
● physical causes: fire or water damage to equipment
● power failure: faulty power supply or battery, causing a laptop to suddenly
sleep or shut down, so data in volatile memory (RAM) is not saved to
permanent memory
● hardware failure: damaged hard disk drive
● misplacing portable media: DVDs and memory sticks

Two methods of computer security to help prevent unintentional data loss:

● backups of data help to retrieve data when it is lost
● verification helps prevent data loss from occurring

Backups
❖ once data is lost, we cannot get it back
❖ a sensible safety measure is to make a copy of the data
❖ backup: copy of data being used that we can keep in case of data loss
❖ the data is copied onto a separate storage medium (kept separate from main
system)
❖ if data is accidentally lost, corrupted, or deleted, the copy of the data can be
transferred back to the computer system

we can back up data on various storage media:

● magnetic media: external hard disk drives and magnetic tape
● optical media: CDs, DVDs, Blu-ray disks
● cloud storage: online backup facility so that phone data can be
automatically backed up each day

in order for a backup to be of any value, we must update it regularly:

● bank: make backups several times each day because of the number of
financial transactions taking place and their importance
● doctor’s surgery: make a backup of patient records each evening
● school: make a backup of student and teacher records at the end of each
week
● home user: make a backup occasionally

automatic backup:

- computer system automatically makes a copy of the data
- e.g. organisations

manual backup:

- users back up data when they remember to, or feel the need to do so
- e.g. home users

Verification
❖ prevent data loss from occurring in the first place
❖ verification: a check that asks the user to confirm whether or not they wish to
go ahead with an instruction (normally in the form of a question in a dialogue
box, and user responds with a confirmation or cancellation)

when do computer systems ask for verification?

● when attempting to save a file with a filename that already exists in that
location
● when copying an older version of a file into a folder that contains a newer
version of that document
● when deleting a record or amending data in a database

9.03 Unauthorised Access to Computer Systems and Data
❖ keeping data safe from unauthorised access as data may be sensitive or private
❖ this is just as important as, if not more important than, protecting the data’s value
❖ data in a computer system can be accessed locally or online
❖ local access: user has physical access to the computer system and its data
❖ online access: user is able to access the computer system and its data via a
network or the internet
❖ attacks: unauthorised attempts at accessing data

Malware
❖ designed to disrupt or modify a computer system and its data
❖ installed on a computer system without the user’s knowledge
❖ software is accidentally downloaded from email attachments, USB RAM sticks,
and websites
❖ can cause considerable damage, or at the least, great inconvenience

types of malware:

● viruses: self-replicating software designed to disrupt the normal operation
of a computer and can cause data loss by deleting and corrupting files
● worms: programs that replicate themselves over and over, filling the
computer’s storage, causing the computer to run slowly or stop running
altogether
● trojan horses: programs that disguise themselves as other programs,
acting like any other virus, deleting and corrupting files
● spyware: collect personal and sensitive data and send it to the spyware’s
author

Phishing
❖ phishing: attempt to gain something (data) by using bait
❖ usually comes in the form of an email
❖ the email will look like it is from a person or organisation that is known to and
trusted by the user
❖ eg. from banks or online auction sites
❖ email often states that there is a problem with the user’s online account and asks
for confirmation of personal data to investigate the issue
❖ designed to trick a user into giving data such as bank account details, or
usernames and passwords to websites
❖ a phishing email looks like a genuine email, but usually asks the user to click on a
hyperlink
❖ the hyperlink then transfers the user to a fake website that looks like the
organisation’s real website
❖ the website asks the user to enter their personal data
❖ this personal data is used by criminals to steal money or buy items online

Pharming
❖ pharming: attempts to trick the user into giving their personal data by using
fake websites
❖ when user tries to visit a genuine website, they are re-directed to a fake website
that looks very much like the real site
❖ each website has a domain name that is translated into an IP address
❖ the user’s browser is directed to the IP address, giving access to the website
❖ malware installed on the user’s computer looks for domain names of reputable
sites and translates them into different IP addresses, those of fake websites
❖ instead of visiting a genuine website, the user is directed to a fake website
instead
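
A defensive check for the local redirection described above, as an added example that is not part of the original notes: it scans hosts-format text for watched domains mapped to unexpected addresses. The hosts-file mechanism, the domain names and the addresses are assumptions made for illustration; the notes do not name how the malware changes the translation.

```python
import ipaddress


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-format text, skipping comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address, so not a mapping line
        for name in fields[1:]:
            # Normalise case and a trailing dot so "BANK.example." still matches.
            yield ip, name.lower().rstrip(".")


def suspicious_overrides(hosts_text, known_good):
    """Return (hostname, ip) pairs where a watched domain is mapped to an
    address outside its known-good set."""
    findings = []
    for ip, name in parse_hosts(hosts_text):
        expected = known_good.get(name)
        if expected is not None and str(ip) not in expected:
            findings.append((name, str(ip)))
    return findings


# Constructed sample data: example domains and documentation-range addresses.
KNOWN_GOOD = {"bank.example": {"192.0.2.10"}, "auction.example": {"192.0.2.20"}}
SAMPLE_HOSTS = """\
127.0.0.1      localhost
192.0.2.10     bank.example        # matches the known-good address
203.0.113.66   auction.example     # overrides a watched domain
203.0.113.66   BANK.example.  www.other.example
"""

if __name__ == "__main__":
    for name, ip in suspicious_overrides(SAMPLE_HOSTS, KNOWN_GOOD):
        print(f"{name} is mapped locally to {ip}")
```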

Denial of Service (DoS) Attacks
❖ not designed to gain access to data, they prevent access to data
❖ websites and networks are accessed through servers
❖ when a user’s computer wants to access data on a server, it sends a transmission
known as a request
❖ the server acknowledges the request and sends the requested data to the user
❖ when a server receives a large number of requests, each of them is placed into
a queue and dealt with in turn
❖ DoS attack: attempts to prevent access to a server by sending it more requests
than it can handle
❖ the request queue becomes so large that the server cannot respond to all
requests within a reasonable time, preventing it from providing a service
❖ these attacks usually come from one computer
❖ Distributed Denial of Service (DDoS) attack: two or more computers attack a
server at the same time, requests are distributed among a number of computers
❖ usually, the attacking computers are infected with malware that instructs the
computer to continually send requests to a server

9.04 Security and Protection Against Attacks

Physical Security
❖ physical security: security which prevents physical access to a computer
❖ prevents local access to the system and data

can be implemented in several ways:

● locks: computer system, data, and backups can be kept in a locked room,
so only authorised users can have physical access
● CCTV: cameras can be used to monitor who physically accesses a system,
and can help deter users who have no authority as they know they will be
seen accessing the data
● security guards: employing security guards where data is especially
sensitive as an extra level of security to help deter those users who do not
have permission to access a computer system
❖ simple and can be quite effective
❖ but only prevents or deters a user from accessing data without permission
❖ cannot help recover data that has been lost

Authentication
❖ authentication: security which prevents access to a computer even if the user
has physical access
❖ guards against an unauthorised user attempting to gain access remotely (over
the internet)
❖ combination of user identification (user ID) and password protection
❖ user ID: name a user uses to identify themselves to a computer system (often
takes the form of the user’s name)
❖ password: secret word or series of characters, known only by the user, that
pairs with the user ID
❖ only the correct combination of user ID and password allows access to the
system
❖ a user ID and password can be a fairly secure method of preventing unauthorised
access to a computer system and its data
❖ however, some users can make it quite easy for someone else to guess their
password

weak passwords:

● date of birth
● name of family member
● name of pet
● their initials
● favourite item, hobby, or place

strong password (difficult to guess):

● at least eight characters in length
● does not contain user ID, real name, or organisation name
● does not contain a complete word
● significantly different from previous passwords
● mixture of characters including upper and lower cases, numbers, symbols
❖ another problem that can occur is that users often use the same passwords for
different systems
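
The strong-password rules above turned into a checker, as an added example that is not part of the original notes. The word list, the 0.6 similarity threshold for "significantly different" and all names in the code are assumptions made for illustration.

```python
import string
from difflib import SequenceMatcher

# Constructed sample word list; a real check would load a full dictionary.
COMMON_WORDS = {"password", "dragon", "football", "summer", "monkey", "welcome"}
SIMILARITY_LIMIT = 0.6  # assumed threshold for "significantly different"


def password_problems(password, user_id, real_name, organisation,
                      previous_passwords=(), words=COMMON_WORDS):
    """Return the strong-password rules from the notes that `password` breaks."""
    problems = []
    lowered = password.lower()

    if len(password) < 8:
        problems.append("shorter than eight characters")

    # User ID, each part of the real name, and the organisation name.
    personal = [user_id, organisation, *real_name.split()]
    if any(p and p.lower() in lowered for p in personal):
        problems.append("contains user ID, real name, or organisation name")

    if any(w in lowered for w in words):
        problems.append("contains a complete word")

    # Compare against every earlier password; one close match is enough.
    for old in previous_passwords:
        if SequenceMatcher(None, lowered, old.lower()).ratio() >= SIMILARITY_LIMIT:
            problems.append("too similar to a previous password")
            break

    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(classes):
        problems.append("missing upper case, lower case, number, or symbol")

    return problems
```

An empty list means the password passes every rule in the list; the checker does not detect the same password being reused on different systems, which no single system can see.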